QNAP extends critical updates for some unsupported NAS devices

QNAP extends critical updates for some unsupported NAS devices

QNAP has extended support and will keep issuing security updates for some end-of-life (EOL) network-attached storage (NAS) devices until October 2022.

This should provide customers with unsupported devices to upgrade and have their data protected from “evolving security threats.”

“EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,” the Taiwan-based NAS maker said.

“Due to these reasons, QNAP normally maintains security updates for 4 years after a product passes its EOL date.  As a special effort to help users protect their devices from today‚Äôs security threats, QNAP has extended security updates for some EOL models till October 2022.”

The company added that, while the support date has been moved until October, these EOL devices will only receive security updates addressing high severity and critical vulnerabilities.

More info on what NAS models now come with extended support time can be found in the table embedded below.

CPU Architecture Last Supported NAS OS Version for the Model Extended Date
x86 64-bit models
or ARM models that support one of the NAS OS versions on the right.
QTS 4.2.6
QTS 4.3.3
QTS 4.3.6
QTS 4.4.1
Effectively till October 2022

Don’t expose your NAS to the Internet

QNAP also added that customers should not expose EOL NAS devices to the Internet to ensure that attackers will not compromise them using exploits targeting unpatched vulnerabilities.

This warning mirrors a recent one issued in January before Qlocker and DeadBolt ransomware attacks began targeting Internet-exposed devices.

Customers were warned their devices were at a high risk of being the target of an attack if exposed to the Internet and the System Administration service was directly accessible from external IP addresses.

QNAP said taking the following  measures should defend from attacks:

  • Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).
  • Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

QNAP also urged customers today to follow recommendations on enhancing NAS devices’ security to block malware or other types of attacks.